mnot’s blog

Design depends largely on constraints.” — Charles Eames

Friday, 21 June 2013

A Few Thoughts about PRISM

Filed under: Politics Protocol Design

The NSA PRISM story broke while I was on the road; last week I was in Tokyo for W3C meetings, moving to San Francisco for a HTTP meeting and Velocity.

As a result, I’ve had a chance to see the reaction of a pretty good cross-section of the tech industry’s reaction. To generalise, I’d say it was condemnation, but not surprise. As many have written, there’s a strong streak of respect for privacy and individual rights in Silicon Valley, but also a pragmatism about doing business that we’ve seen in its interactions with China, and now the US.

I’ll spare you a rant about how bad this program is, except to say that it represents (as per usual) a complete failure to appreciate the second order effects of one’s actions. These folks really need to read up on some game theory.

What I will ruminate upon is how this relates to the Internet and Web architecture. The Internet was designed to be resilient in the face of failure. As a result, all of its core protocols are distributed; SMTP, NNTP, NTP and of course TCP/IP didn’t have centralised servers that were vulnerable to catastrophes — and neither were they vulnerable to becoming choke points for surveillance. Sure, it’s possible to tap a connection and sniff TCP/IP, and it’s also possible to go into a mail provider and grab some mail, with the proper legal process (or lack thereof) in the appropriate country. However, doing so is hard; the folks who want to siphon up data have to go to significant effort to do it, and users have choices about where their data is stored and served from (see SMTP and XMPP). The exception is DNS, but a considerable amount of effort has been spent to make it as decentralised as possible.

Then the Web came along. On its own, the Web doesn’t centralise data; it becomes so when people gravitate to one service, and the number of people using it becomes its intrinsic value.

Consider Facebook; practically speaking, if you want to social network, you need to be on there, even if you don’t like it (and many don’t). Or file synchronisation; while there are many solutions out there, lots of apps are building support for Dropbox in, meaning that if I use another solution, I’ll be fighting an uphill battle.

Add to this the fact that most Internet connections go through the US, and most “core” services are there, and we have a recipe for what you might call an attractive nuisance — it’s too easy for the authorities to get to to NOT abuse it.

There are a lot of people pushing to get secure connections used everywhere on the Web. While transport encryption is an important, and especially important to have as an option, I’m more concerned about choosing where my data lives. Yes, there are cases when someone can sniff your password off of a Website, if you’re using unencrypted wireless and the web site has been careless. However, we now know that at least one government — probably many — has access to a wide variety of data held at a handful of popular Web providers. Moxie Marlinspike points out quite eloquently why this is a Bad Idea. I’d even argue that de-centralising data is even more important than encrypting it to hell and back. Because sometimes it’s a good thing that law enforcement can get to the data, if they have a real need. Having it collected up in a big bucket ready for abuse is what worries me.

The way to improve this situation is to make sure that these popular functions are abstracted out as open specifications — maybe even standards, although I’m not going to push that — so that people have a choice about where their data lives. The problem is that the companies that have dominance in these areas don’t have any incentive to play nicely with others. The Semantic Web and its more earth-bound cousin Linked Data could fix some of these issues, but from a business standpoint, the big boys would be crazy (probably criminal, if they’re public in the US) to encourage users to move away.

On the other hand, as someone who lives outside the US, I’m now very strongly incented to use local alternatives once they becomes available. Maybe VCs are going to see a new opportunity, and a few hundred country-specific Facebook and Dropbox clones are going to bloom.

And — maybe — the incentives for the currently big players will change, so that we’ll see common identity APIs and data sync APIs defined, and social sharing APIs be more than one-way firehoses.

Creative Commons